npm - fast-xml-parser - Versions diffs - 5.4.0 → 5.4.2 - Mend

fast-xml-parser 5.4.0 → 5.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

package/CHANGELOG.md +9 -4
package/lib/fxp.cjs +1 -1
package/lib/fxp.d.cts +7 -0
package/lib/fxp.min.js +1 -1
package/lib/fxp.min.js.map +1 -1
package/lib/fxparser.min.js +1 -1
package/lib/fxparser.min.js.map +1 -1
package/package.json +1 -1
package/src/fxp.d.ts +7 -0
package/src/xmlparser/DocTypeReader.js +10 -1
package/src/xmlparser/OptionsBuilder.js +2 -0
package/src/xmlparser/OrderedObjParser.js +16 -5

package/src/fxp.d.ts CHANGED Viewed

@@ -34,6 +34,13 @@ export type ProcessEntitiesOptions = {
    */
   maxExpandedLength?: number;
+  /**
+   * Maximum number of entities allowed in the XML
+   *
+   * Defaults to `100`
+   */
+  maxEntityCount?: number;
   /**
    * Array of tag names where entity replacement is allowed.
    * If null, entities are replaced in all tags.

package/src/xmlparser/DocTypeReader.js CHANGED Viewed

@@ -7,8 +7,9 @@ export default class DocTypeReader {
     }
     readDocType(xmlData, i) {
         const entities = Object.create(null);
+        let entityCount = 0;
         if (xmlData[i + 3] === 'O' &&
             xmlData[i + 4] === 'C' &&
             xmlData[i + 5] === 'T' &&
@@ -26,11 +27,19 @@ export default class DocTypeReader {
                         let entityName, val;
                         [entityName, val, i] = this.readEntityExp(xmlData, i + 1, this.suppressValidationErr);
                         if (val.indexOf("&") === -1) { //Parameter entities are not supported
+                            if (this.options.enabled !== false &&
+                                this.options.maxEntityCount &&
+                                entityCount >= this.options.maxEntityCount) {
+                                throw new Error(
+                                    `Entity count (${entityCount + 1}) exceeds maximum allowed (${this.options.maxEntityCount})`
+                                );
+                            }
                             const escaped = entityName.replace(/[.\-+*:]/g, '\\.');
                             entities[entityName] = {
                                 regx: RegExp(`&${escaped};`, "g"),
                                 val: val
                             };
+                            entityCount++;
                         }
                     }
                     else if (hasBody && hasSeq(xmlData, "!ELEMENT", i)) {

package/src/xmlparser/OptionsBuilder.js CHANGED Viewed

@@ -56,6 +56,7 @@ function normalizeProcessEntities(value) {
       maxExpansionDepth: 10,
       maxTotalExpansions: 1000,
       maxExpandedLength: 100000,
+      maxEntityCount: 100,
       allowedTags: null,
       tagFilter: null
     };
@@ -69,6 +70,7 @@ function normalizeProcessEntities(value) {
       maxExpansionDepth: value.maxExpansionDepth ?? 10,
       maxTotalExpansions: value.maxTotalExpansions ?? 1000,
       maxExpandedLength: value.maxExpandedLength ?? 100000,
+      maxEntityCount: value.maxEntityCount ?? 100,
       allowedTags: value.allowedTags ?? null,
       tagFilter: value.tagFilter ?? null
     };

package/src/xmlparser/OrderedObjParser.js CHANGED Viewed

@@ -414,6 +414,17 @@ const parseXml = function (xmlData) {
             this.addChild(currentNode, childNode, jPath, startIndex);
             jPath = jPath.substr(0, jPath.lastIndexOf("."));
           }
+          else if(this.options.unpairedTags.indexOf(tagName) !== -1){//unpaired tag
+            const childNode = new xmlNode(tagName);
+            if(tagName !== tagExp && attrExpPresent){
+              childNode[":@"] = this.buildAttributesMap(tagExp, jPath);
+            }
+            this.addChild(currentNode, childNode, jPath, startIndex);
+            jPath = jPath.substr(0, jPath.lastIndexOf("."));
+            i = result.closeIndex;
+            // Continue to next iteration without changing currentNode
+            continue;
+          }
           //opening tag
           else {
             const childNode = new xmlNode(tagName);
@@ -535,19 +546,19 @@ const replaceEntitiesValue = function (val, tagName, jPath) {
 }
-function saveTextToParentTag(textData, currentNode, jPath, isLeafNode) {
+function saveTextToParentTag(textData, parentNode, jPath, isLeafNode) {
   if (textData) { //store previously collected data as textNode
-    if (isLeafNode === undefined) isLeafNode = currentNode.child.length === 0
+    if (isLeafNode === undefined) isLeafNode = parentNode.child.length === 0
     textData = this.parseTextData(textData,
-      currentNode.tagname,
+      parentNode.tagname,
       jPath,
       false,
-      currentNode[":@"] ? Object.keys(currentNode[":@"]).length !== 0 : false,
+      parentNode[":@"] ? Object.keys(parentNode[":@"]).length !== 0 : false,
       isLeafNode);
     if (textData !== undefined && textData !== "")
-      currentNode.add(this.options.textNodeName, textData);
+      parentNode.add(this.options.textNodeName, textData);
     textData = "";
   }
   return textData;